From 812d6f7b18302f3daa21c1fb3b0baabf0aa36591 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Wed, 10 Nov 2021 15:15:11 -0700 Subject: [PATCH] Use authorizeHttpRequests in Docs Issue gh-8900 --- .../servlet/authorization/authorize-requests.adoc | 4 ++-- .../servlet/authorization/expression-based.adoc | 4 ++-- .../ROOT/pages/servlet/configuration/java.adoc | 4 ++-- .../modules/ROOT/pages/servlet/integrations/mvc.adoc | 4 ++-- .../ROOT/pages/servlet/integrations/websocket.adoc | 2 +- .../servlet/oauth2/client/authorization-grants.adoc | 2 +- .../ROOT/pages/servlet/oauth2/login/advanced.adoc | 2 +- .../ROOT/pages/servlet/oauth2/login/core.adoc | 6 +++--- .../pages/servlet/oauth2/resource-server/jwt.adoc | 12 ++++++------ .../servlet/oauth2/resource-server/multitenancy.adoc | 6 +++--- .../servlet/oauth2/resource-server/opaque-token.adoc | 10 +++++----- .../pages/servlet/saml2/login/authentication.adoc | 6 +++--- .../ROOT/pages/servlet/saml2/login/overview.adoc | 6 +++--- docs/modules/ROOT/pages/servlet/saml2/logout.adoc | 2 +- 14 files changed, 35 insertions(+), 35 deletions(-) diff --git a/docs/modules/ROOT/pages/servlet/authorization/authorize-requests.adoc b/docs/modules/ROOT/pages/servlet/authorization/authorize-requests.adoc index bbf771a73b..b21c0d096e 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/authorize-requests.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/authorize-requests.adoc @@ -32,7 +32,7 @@ The explicit configuration looks like: protected void configure(HttpSecurity http) throws Exception { http // ... - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ); } @@ -71,7 +71,7 @@ We can configure Spring Security to have different rules by adding more rules in protected void configure(HttpSecurity http) throws Exception { http // ... - .authorizeRequests(authorize -> authorize // <1> + .authorizeHttpRequests(authorize -> authorize // <1> .mvcMatchers("/resources/**", "/signup", "/about").permitAll() // <2> .mvcMatchers("/admin/**").hasRole("ADMIN") // <3> .mvcMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')") // <4> diff --git a/docs/modules/ROOT/pages/servlet/authorization/expression-based.adoc b/docs/modules/ROOT/pages/servlet/authorization/expression-based.adoc index f5b916d636..218b6dec37 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/expression-based.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/expression-based.adoc @@ -144,7 +144,7 @@ You could refer to the method using: [source,java,role="primary"] ---- http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .antMatchers("/user/**").access("@webSecurity.check(authentication,request)") ... ) @@ -210,7 +210,7 @@ You could refer to the method using: [source,java,role="primary",attrs="-attributes"] ---- http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .antMatchers("/user/{userId}/**").access("@webSecurity.checkUserId(authentication,#userId)") ... ); diff --git a/docs/modules/ROOT/pages/servlet/configuration/java.adoc b/docs/modules/ROOT/pages/servlet/configuration/java.adoc index 985a01c516..28837ecfaa 100644 --- a/docs/modules/ROOT/pages/servlet/configuration/java.adoc +++ b/docs/modules/ROOT/pages/servlet/configuration/java.adoc @@ -193,7 +193,7 @@ public class MultiHttpSecurityConfig { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/api/**") <3> - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().hasRole("ADMIN") ) .httpBasic(withDefaults()); @@ -206,7 +206,7 @@ public class MultiHttpSecurityConfig { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .formLogin(withDefaults()); diff --git a/docs/modules/ROOT/pages/servlet/integrations/mvc.adoc b/docs/modules/ROOT/pages/servlet/integrations/mvc.adoc index 23bb16ccac..acaa8976d2 100644 --- a/docs/modules/ROOT/pages/servlet/integrations/mvc.adoc +++ b/docs/modules/ROOT/pages/servlet/integrations/mvc.adoc @@ -138,7 +138,7 @@ If we wanted to restrict access to this controller method to admin users, a deve ---- protected configure(HttpSecurity http) throws Exception { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .antMatchers("/admin").hasRole("ADMIN") ); } @@ -183,7 +183,7 @@ The following configuration will protect the same URLs that Spring MVC will matc ---- protected configure(HttpSecurity http) throws Exception { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .mvcMatchers("/admin").hasRole("ADMIN") ); } diff --git a/docs/modules/ROOT/pages/servlet/integrations/websocket.adoc b/docs/modules/ROOT/pages/servlet/integrations/websocket.adoc index bb647abf54..d9288df97a 100644 --- a/docs/modules/ROOT/pages/servlet/integrations/websocket.adoc +++ b/docs/modules/ROOT/pages/servlet/integrations/websocket.adoc @@ -456,7 +456,7 @@ public class WebSecurityConfig .sameOrigin() ) ) - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize ... ) ... diff --git a/docs/modules/ROOT/pages/servlet/oauth2/client/authorization-grants.adoc b/docs/modules/ROOT/pages/servlet/oauth2/client/authorization-grants.adoc index b2a60ba35b..09a98abbd3 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/client/authorization-grants.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/client/authorization-grants.adoc @@ -121,7 +121,7 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2Login(oauth2 -> oauth2 diff --git a/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc b/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc index 5eb68e757f..dc29fc9625 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc @@ -872,7 +872,7 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2Login(withDefaults()) diff --git a/docs/modules/ROOT/pages/servlet/oauth2/login/core.adoc b/docs/modules/ROOT/pages/servlet/oauth2/login/core.adoc index 129a4ae1dc..a691cd16e4 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/login/core.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/login/core.adoc @@ -321,7 +321,7 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2Login(withDefaults()); @@ -367,7 +367,7 @@ public class OAuth2LoginConfig { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2Login(withDefaults()); @@ -462,7 +462,7 @@ public class OAuth2LoginConfig { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2Login(withDefaults()); diff --git a/docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc b/docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc index 64ebfda12f..5a6d0ffee5 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc @@ -146,7 +146,7 @@ The first is a `WebSecurityConfigurerAdapter` that configures the app as a resou ---- protected void configure(HttpSecurity http) { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt); @@ -182,7 +182,7 @@ Replacing this is as simple as exposing the bean within the application: public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read") .anyRequest().authenticated() ) @@ -299,7 +299,7 @@ An authorization server's JWK Set Uri can be configured < authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2ResourceServer(oauth2 -> oauth2 @@ -359,7 +359,7 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a public class DirectlyConfiguredJwtDecoder extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2ResourceServer(oauth2 -> oauth2 @@ -719,7 +719,7 @@ This means that to protect an endpoint or method with a scope derived from a JWT public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts") .mvcMatchers("/messages/**").hasAuthority("SCOPE_messages") .anyRequest().authenticated() @@ -926,7 +926,7 @@ static class CustomAuthenticationConverter implements Converter authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2ResourceServer(oauth2 -> oauth2 diff --git a/docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc b/docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc index 07f804d5cc..bfd5394543 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc @@ -53,7 +53,7 @@ And then specify this `AuthenticationManagerResolver` in the DSL: [source,java,role="primary"] ---- http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2ResourceServer(oauth2 -> oauth2 @@ -109,7 +109,7 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIs ("https://idp.example.org/issuerOne", "https://idp.example.org/issuerTwo"); http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2ResourceServer(oauth2 -> oauth2 @@ -176,7 +176,7 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get); http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2ResourceServer(oauth2 -> oauth2 diff --git a/docs/modules/ROOT/pages/servlet/oauth2/resource-server/opaque-token.adoc b/docs/modules/ROOT/pages/servlet/oauth2/resource-server/opaque-token.adoc index 4e0c618599..acccfbc16f 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/resource-server/opaque-token.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/resource-server/opaque-token.adoc @@ -188,7 +188,7 @@ When use Opaque Token, this `WebSecurityConfigurerAdapter` looks like: ---- protected void configure(HttpSecurity http) { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken); @@ -224,7 +224,7 @@ Replacing this is as simple as exposing the bean within the application: public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read") .anyRequest().authenticated() ) @@ -338,7 +338,7 @@ An authorization server's Introspection Uri can be configured < authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2ResourceServer(oauth2 -> oauth2 @@ -400,7 +400,7 @@ More powerful than `introspectionUri()` is `introspector()`, which will complete public class DirectlyConfiguredIntrospector extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .oauth2ResourceServer(oauth2 -> oauth2 @@ -479,7 +479,7 @@ This means that to protect an endpoint or method with a scope derived from an Op public class MappedAuthorities extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) { http - .authorizeRequests(authorizeRequests -> authorizeRequests + .authorizeHttpRequests(authorizeRequests -> authorizeRequests .mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts") .mvcMatchers("/messages/**").hasAuthority("SCOPE_messages") .anyRequest().authenticated() diff --git a/docs/modules/ROOT/pages/servlet/saml2/login/authentication.adoc b/docs/modules/ROOT/pages/servlet/saml2/login/authentication.adoc index 2d6efa7ab2..65edf60069 100644 --- a/docs/modules/ROOT/pages/servlet/saml2/login/authentication.adoc +++ b/docs/modules/ROOT/pages/servlet/saml2/login/authentication.adoc @@ -38,7 +38,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { ); http - .authorizeRequests(authz -> authz + .authorizeHttpRequests(authz -> authz .anyRequest().authenticated() ) .saml2Login(saml2 -> saml2 @@ -106,7 +106,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { }); http - .authorizeRequests(authz -> authz + .authorizeHttpRequests(authz -> authz .anyRequest().authenticated() ) .saml2Login(saml2 -> saml2 @@ -310,7 +310,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { AuthenticationManager authenticationManager = new MySaml2AuthenticationManager(...); http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .saml2Login(saml2 -> saml2 diff --git a/docs/modules/ROOT/pages/servlet/saml2/login/overview.adoc b/docs/modules/ROOT/pages/servlet/saml2/login/overview.adoc index fc47e68d59..f7b91a3880 100644 --- a/docs/modules/ROOT/pages/servlet/saml2/login/overview.adoc +++ b/docs/modules/ROOT/pages/servlet/saml2/login/overview.adoc @@ -289,7 +289,7 @@ When including `spring-security-saml2-service-provider`, the `WebSecurityConfigu ---- protected void configure(HttpSecurity http) { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .anyRequest().authenticated() ) .saml2Login(withDefaults()); @@ -323,7 +323,7 @@ You can replace this by exposing the bean within the application: public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .mvcMatchers("/messages/**").hasAuthority("ROLE_USER") .anyRequest().authenticated() ) @@ -471,7 +471,7 @@ Alternatively, you can directly wire up the repository using the DSL, which will public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) { http - .authorizeRequests(authorize -> authorize + .authorizeHttpRequests(authorize -> authorize .mvcMatchers("/messages/**").hasAuthority("ROLE_USER") .anyRequest().authenticated() ) diff --git a/docs/modules/ROOT/pages/servlet/saml2/logout.adoc b/docs/modules/ROOT/pages/servlet/saml2/logout.adoc index 0d1a886753..04c6ed0f94 100644 --- a/docs/modules/ROOT/pages/servlet/saml2/logout.adoc +++ b/docs/modules/ROOT/pages/servlet/saml2/logout.adoc @@ -43,7 +43,7 @@ RelyingPartyRegistrationRepository registrations() { @Bean SecurityFilterChain web(HttpSecurity http, RelyingPartyRegistrationRepository registrations) throws Exception { http - .authorizeRequests((authorize) -> authorize + .authorizeHttpRequests((authorize) -> authorize .anyRequest().authenticated() ) .saml2Login(withDefaults())